Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3104 articles · 171978 vulns · 36/41 feeds (7d)
← Back to list
7.8
CVE-2026-46242EXPLOITEDPATCHED
linux · linux_kernel

eventpoll: fix ep_remove struct eventpoll / struct file UAF

Description

Bad Epoll was introduced in 2023 in a commit that also introduced CVE-2026-43074, another race condition in the epoll code that was found by Anthropic’s Mythos. Mythos likely missed it because, with CVE-2026-43074 fixed, Bad Epoll doesn’t trigger KASAN (Kernel Address Sanitizer), the Linux kernel’s dynamic memory error detector.

Affected Products

VendorProductVersions
linuxlinux_kernel58c9b016e12855286370dfb704c08498edbc857a, 58c9b016e12855286370dfb704c08498edbc857a, 58c9b016e12855286370dfb704c08498edbc857a, 58c9b016e12855286370dfb704c08498edbc857a, 58c9b016e12855286370dfb704c08498edbc857a, f2451def095c1743adcfcb0cb5dadc86034e162a, a1f93804449d13f97dabd4b996817de4bf1ed67a, 5.15.209, 6.1.175, 6.4, 6.6

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
open sourcelinux kernelcert_advisory90%

References

  • https://git.kernel.org/stable/c/2de4db145b2992da496fea6c51f9839be678ae24
  • https://git.kernel.org/stable/c/9324de74a3a59b9fde9b62ee45ebaa71458ba2e5
  • https://git.kernel.org/stable/c/ef4ca02e95363e78977ca04340d44fe3b4b2b81f
  • https://git.kernel.org/stable/c/ced39b6a8062bac5c18a1c3df85634107eb8664a
  • https://git.kernel.org/stable/c/a6dc643c69311677c574a0f17a3f4d66a5f3744b

Related News (6 articles)

Tier D
SecurityWeek1d ago
Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability
→ No new info (linked only)
Tier E
Lobsters Security2d ago
Bad Epoll (CVE-2026-46242)
→ No new info (linked only)
Tier D
The Hacker News3d ago
New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
→ No new info (linked only)
Tier B
BSI Advisories36d ago
[NEU] [mittel] Linux Kernel: Schwachstelle ermöglicht Denial of Service
→ No new info (linked only)
Tier A
Microsoft MSRC37d ago
CVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAF
→ No new info (linked only)
Tier C
VulDB37d ago
CVE-2026-46242 | Linux Kernel up to 6.18.32/7.0.9 eventpoll ep_remove_file f_ep use after free
→ No new info (linked only)
CVSS 3.17.8 HIGH
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
ef4ca02e95363e78977ca04340d44fe3b4b2b81fced39b6a8062bac5c18a1c3df85634107eb8664aa6dc643c69311677c574a0f17a3f4d66a5f3744b06.18.337.0.107.1-rc1
PublishedMay 30, 2026
Last enriched1d agov5
Tags
CVE-2026-46242Bad EpollCVE-2026-43074
Trending Score63
Source articles6
Independent6
Info Completeness9/14
Missing: epss, cwe, kev, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

HIGHCVE-2026-43284EXPKEV
xfrm: esp: avoid in-place decrypt on shared skb frags
Trending: 149
HIGHCVE-2026-43500EXPKEV
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
Trending: 141
HIGHCVE-2026-53359EXP
KVM: x86: Fix shadow paging use-after-free due to unexpected role
Trending: 81
CRITICALCVE-2026-53360EXP
KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use
Trending: 56
HIGHCVE-2026-46300EXP
net: skbuff: preserve shared-frag marker during coalescing
Trending: 49

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
May 30, 2026
Discovered by ZDM
May 30, 2026
Updated: description, affectedVersions, severity, cvssEstimate, tags
May 30, 2026
Updated: tags
Jul 3, 2026
Actively Exploited
Jul 4, 2026
Exploit Available
Jul 4, 2026
Patch Available
Jul 4, 2026
Updated: description, affectedVersions, tags
Jul 6, 2026
Updated: description
Jul 6, 2026

Version History

v5
Last enriched 1d ago
v5Tier D1d ago

Added affected versions 6.4 and 6.6, included CVE-2026-43074 in tags, and provided additional technical details in the description.

description
via SecurityWeek
v4Tier D1d ago

Added detailed technical description of the vulnerability, included new affected version 6.6, and added CVE-2026-43074 as a related tag.

descriptionaffectedVersionstags
via SecurityWeek
v3Tier D3d ago

Updated description to include the impact of the vulnerability on unprivileged users and added a new tag 'Bad Epoll'.

tags
via The Hacker News
v2Tier C37d ago

Updated severity to CRITICAL, added affected versions 6.18.32 and 7.0.9, and noted that no exploit is available.

descriptionaffectedVersionsseveritycvssEstimatetags
via VulDB
v138d ago

Initial creation